Make a Request
Visit the request form. You will be required to login with your UNI and password.
You may submit a renewal request up to 30 days in advance of your certificate's expiration.
Approvals may take up to 5 business days. Initial requests for non-
.columbia.edu domains will take longer, will require additional information to be submitted, and changes to the DNS records by the WHOIS admin contact.
Wildcard certificates require additional validation by the certificate authority; you may be contacted for additional information.
CUIT has paid for a bulk license with for the InCommon Certificate Service for unlimited standard, SAN, and wildcard SSL certificates. These certs are provided by Comodo, a leading commercial provider of certificates through an arrangement with the Internet2 InCommon consortium.
Columbia University Information Technology has purchased a block of SSL Server Certificates from InCommon. These are available to the Columbia community at zero cost.
Who Is Eligible? What Domains Are Eligible?
All Columbia University departments and affiliates can use this service. CUIT will sign certificates for domains in
columbia.edu and other domains controlled by Columbia University departments and affiliates subject to the University's Internet Domain Name Policy.
Will CUIT Approve Certificate Signing Requests Submitted Via Other Certificate Authorities?
No. CUIT will only approve certificate requests submitted via CUIT's InCommon SSL Certificate portal. We will not authorize requests submitted via other Certificate Authorities.
Why Use A CUIT InCommon SSL Certificate?
We offer standard SSL, Unified Communication, multi-domain, and wildcard certificates; all at zero cost.
How Long Is A CUIT InCommon SSL Certificate Good For?
Certificates are valid for 2 years from when they are issued. You will receive email directly from InCommon starting 30 days before the certificate expires.What Is The Minimum Length For Certificate Keys?
Certificate keys must be at least 2048-bit. 1024-bit keys are no longer accepted. For more information, see InCommon's key length documentation.
Reusing CSRs and Keys for Certificates
Certificate Signing Requests (CSR) and their keys shall not be reused. Users must generate and submit new CSRs whenever certificates are renewed.